Unhautorized status

trying to update a certificate after adding a new alias in the last version of plesk on centos7
Before the last release of plesk never problems…

Error: Could not issue a Let’s Encrypt SSL/TLS certificate for zweikapitaene.de .

Invalid response from https://acme-v02.api.letsencrypt.org/acme/chall-v3/1097000430/9fdcRA.
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: User account ID doesn’t match account ID in authorization

Hi @silvano

please answer all of the following questions:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Checking your domain via https://check-your-website.server-daten.de/?q=zweikapitaene.de that can’t work. A redirect /.well-known/acme-challenge/random-filename to /.

But that’s not your error message.

PS: Searching lists that topic.

Looks like an internal Plesk bug.

1 Like

Thank you Juergen,
is also my opinion that the last Plesk (even with rev.#2 like in my case) has still bugs in the let’s encrypt side. In our VPS we can’t renew the certificates (server wide, all the webspaces…) via Plesk interface. Sometimes we get the error described above, and sometimes the panel “freezes” in an endless upload. I think/suppose also the automatic renew does not work. Everything begun after the upgrade to the Obsydian release.
I found a new addon installed and active by default after the upgrade, called “SSL It!” (below)

The extension offers a single interface for securing your websites with SSL/TLS certificates from the following trusted certificate authorities (CA):
Let’s Encrypt
DigiCert (Symantec, GeoTrust, Thawte, and RapidSSL brands) CAs are integrated into SSL It! using plugins. We plan to add support for more CAs in the future.
With SSL It! you can do all of the following in a single interface (which replaces the usual “SSL/TLS Certificates” interface)

I removed it but it did not help.

Anyway a ticket was opened from our german service provider directly to Plesk. We hope in a quick solution, before the issue becomes an emergency.
Thanks for the given answer above.

1 Like

Then Plesk has to fix it. Good to know - thanks for reporting back.

I made a test:
I removed niro-v4a.de from the aliases of zweikapitaene.de and created it again as a new domain. Then I tried to install the certificate and after an incredible long time it was created. So: impossible to get the certificate as alias, but possible as single website, but with an extremely long time for the execution (usually the certificate is created within a few seconds). Now I don’t know what to think… bug or local issue? Anyway is not normal a so long execution time for a single certificate.
I will update this post with the answers (hopely solutions) from Plesk or from the Provider.